Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CKlFzis5ddR6idDvEBBrH0Xa6vo.roa
File: CKlFzis5ddR6idDvEBBrH0Xa6vo.roa (raw, json)
Hash identifier: czH8er4Hjx+q0WmCslCOyi041nxgXD53Afz3H8wneHo=
Subject key identifier: 08:A9:45:CE:2B:39:75:D4:7A:89:D0:EF:10:10:6B:1F:45:DA:EA:FA
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0199CE608E62EA9D896A7B4F56EE71D9C6A5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CKlFzis5ddR6idDvEBBrH0Xa6vo.roa
Signing time: Fri 10 Oct 2025 13:47:38 +0000
ROA not before: Fri 10 Oct 2025 13:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 64267
IP address blocks: 88.209.203.0/24 maxlen: 24
88.209.207.0/24 maxlen: 24
88.209.230.0/24 maxlen: 24
88.209.245.0/24 maxlen: 24
88.209.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 05:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:60:8e:62:ea:9d:89:6a:7b:4f:56:ee:71:d9:c6:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 10 13:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08a945ce2b3975d47a89d0ef10106b1f45daeafa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:44:dd:e0:2b:9d:ad:f0:ce:ce:ae:c5:94:f2:
c8:1a:b2:81:52:45:63:9b:fa:d1:f9:07:c3:4d:8c:
eb:94:a4:f6:53:ce:d8:5c:ef:ae:4d:43:fd:32:ba:
a9:e1:27:5c:58:af:63:94:41:19:99:67:63:11:1f:
b1:17:a0:be:2a:c1:a8:03:48:43:d7:0e:7a:0c:45:
97:64:8e:f0:06:01:86:de:a4:0b:ff:39:9d:a3:c6:
4a:12:ba:4b:07:cc:5c:1f:7b:cb:34:ad:4c:5d:4d:
a3:4b:54:02:4c:05:4a:c4:a9:66:e2:48:a9:37:34:
8a:0c:11:9a:7f:88:16:77:49:03:f8:55:ae:06:85:
d7:1f:77:f3:7a:dd:1b:91:e6:2f:c7:26:e0:e8:87:
3f:97:f3:fa:4a:61:2e:0f:d6:bd:7d:91:4a:32:25:
59:8d:dd:0a:d6:20:c3:21:f9:25:e1:63:25:77:91:
b4:bf:2e:69:a4:83:1d:89:24:98:75:81:0d:c3:c2:
2f:29:07:d1:81:01:bf:ef:82:48:5e:4a:25:d0:18:
b9:59:e4:89:2a:44:47:6c:72:f1:26:12:58:16:d3:
03:b3:6c:fd:1d:ae:9a:77:1f:07:48:3d:9f:07:4f:
16:df:e9:a2:78:a7:81:ea:a8:23:ed:44:ae:a8:f2:
51:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:A9:45:CE:2B:39:75:D4:7A:89:D0:EF:10:10:6B:1F:45:DA:EA:FA
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CKlFzis5ddR6idDvEBBrH0Xa6vo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.203.0/24
88.209.207.0/24
88.209.230.0/24
88.209.245.0/24
88.209.255.0/24
Signature Algorithm: sha256WithRSAEncryption
9d:04:89:7d:b9:0b:1a:5e:a8:ae:58:e8:db:57:e5:ca:b4:d5:
1e:97:93:9b:81:2a:05:77:2f:9c:27:a4:af:ad:83:40:52:eb:
d4:37:3a:7f:2d:c0:58:54:15:45:e1:a7:e4:6c:7f:18:72:23:
05:fb:f0:b0:c3:4f:2c:ec:aa:d5:3c:e8:e9:59:8a:7b:0a:37:
77:63:fe:83:9c:48:c1:cf:e7:40:9a:42:73:c0:9a:4b:b9:04:
d9:9e:ee:0e:54:b4:e6:d6:48:9e:58:c4:52:18:46:c5:8c:6b:
f5:d2:da:2c:0e:74:3c:00:a8:0c:ef:3d:fe:78:bf:25:97:98:
ff:50:27:6d:3e:17:8e:fb:86:51:0f:6f:3f:f0:59:60:40:fd:
3e:58:1c:ef:f0:08:f2:5f:e4:a8:eb:42:5d:ab:2c:92:6f:16:
fb:48:aa:be:c4:c5:a0:af:83:2f:7a:67:23:e0:dd:64:a4:91:
52:1c:3d:be:8b:fc:ac:fd:5c:9b:ca:5d:0a:cd:ee:5e:f2:eb:
79:77:f7:be:7b:ab:c6:4b:f5:f8:36:58:90:85:19:ff:95:47:
cd:35:e2:6e:f1:4e:df:e2:3b:b7:19:aa:d5:e7:21:20:4d:e5:
68:35:9f:a1:ca:ff:88:83:bb:e3:68:41:e8:d3:55:c9:5a:70:
d2:9a:39:f1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZnOYI5i6p2JantPVu5x2calMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMDEwMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE5NDVjZTJiMzk3NWQ0N2E4OWQwZWYxMDEwNmIxZjQ1ZGFlYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Td4CudrfDOzq7FlPLIGrKBUkVj
m/rR+QfDTYzrlKT2U87YXO+uTUP9Mrqp4SdcWK9jlEEZmWdjER+xF6C+KsGoA0hD
1w56DEWXZI7wBgGG3qQL/zmdo8ZKErpLB8xcH3vLNK1MXU2jS1QCTAVKxKlm4kip
NzSKDBGaf4gWd0kD+FWuBoXXH3fzet0bkeYvxybg6Ic/l/P6SmEuD9a9fZFKMiVZ
jd0K1iDDIfkl4WMld5G0vy5ppIMdiSSYdYENw8IvKQfRgQG/74JIXkol0Bi5WeSJ
KkRHbHLxJhJYFtMDs2z9Ha6adx8HSD2fB08W3+mieKeB6qgj7USuqPJRlwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAipRc4rOXXUeonQ7xAQax9F2ur6MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQ0tsRnppczVkZFI2aWREdkVCQnJIMFhhNnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWNHLAwQA
WNHPAwQAWNHmAwQAWNH1AwQAWNH/MA0GCSqGSIb3DQEBCwUAA4IBAQCdBIl9uQsa
XqiuWOjbV+XKtNUel5ObgSoFdy+cJ6SvrYNAUuvUNzp/LcBYVBVF4afkbH8YciMF
+/Cww08s7KrVPOjpWYp7Cjd3Y/6DnEjBz+dAmkJzwJpLuQTZnu4OVLTm1kieWMRS
GEbFjGv10tosDnQ8AKgM7z3+eL8ll5j/UCdtPheO+4ZRD28/8FlgQP0+WBzv8Ajy
X+So60JdqyySbxb7SKq+xMWgr4Mvemcj4N1kpJFSHD2+i/ys/Vybyl0Kze5e8ut5
d/e+e6vGS/X4NliQhRn/lUfNNeJu8U7f4ju3GarV5yEgTeVoNZ+hyv+Ig7vjaEHo
01XJWnDSmjnx
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:41 2025 by rpki-client